Add --host flag to docker model install-runner command

[ericcurtin]

Add clarifying comment about host security for auto-installation

Add tests for --host flag in install-runner command

Summary by Sourcery

Introduce a --host flag to the install-runner command to let users specify the host address for binding the Docker Model Runner, defaulting to localhost for security.

New Features:

• Add --host flag to install-runner command with default value 127.0.0.1
• Expose host parameter in CreateControllerContainer to bind Docker ports to a custom host

Enhancements:

• Bind to custom host in port bindings and only include bridge gateway IP when host is localhost
• Add clarifying comment about default localhost binding for auto-installation

Documentation:

• Update model_install-runner reference to include the new --host option

Tests:

• Add unit tests to verify --host flag presence, default, type, and value setting
• Add tests for install-runner command flags, usage, and argument validation

[sourcery-ai]

Reviewer's Guide

This PR introduces a new --host flag to the install-runner command, updating the container creation logic to bind to the specified host instead of a hardcoded address, ensures secure defaults for auto-installation, updates the CLI reference docs, and adds tests for the new flag.

Class diagram for updated CreateControllerContainer and install-runner command

classDiagram
    class CreateControllerContainer {
        +CreateControllerContainer(ctx, dockerClient, port, host, environment, doNotTrack, gpu, modelStorageVolume, printer, engineKind)
    }
    class InstallRunnerCommand {
        +port: uint16
        +host: string
        +gpuMode: string
        +doNotTrack: bool
        +newInstallRunner()
    }
    InstallRunnerCommand --> CreateControllerContainer: calls

Loading

File-Level Changes

Change	Details	Files
CLI reference documentation updated to include the new --host flag	Adjusted table column alignment for the default values column Added a new --host option with default 127.0.0.1 and description	cmd/cli/docs/reference/model_install-runner.md
Container creation logic enhanced to accept and use the host parameter	Expanded CreateControllerContainer signature to include a host argument Replaced hardcoded HostIP in portBindings with the new host parameter Conditionalized bridge gateway IP binding to only apply when host is localhost	cmd/cli/pkg/standalone/containers.go
install-runner command updated to support --host flag and secure default binding	Set default host to 127.0.0.1 for auto-installation in ensureStandaloneRunnerAvailable Propagated host argument into CreateControllerContainer calls Introduced host variable and bound it to a new --host flag in the Cobra command	cmd/cli/commands/install-runner.go
Added comprehensive tests for the --host flag and command configuration	Created tests verifying existence, default, type, and value setting of the host flag Checked that all expected flags (port, host, gpu, do-not-track) are present Validated command properties such as Use, Short description, RunE, and argument handling	cmd/cli/commands/install-runner_test.go

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[Copilot]

Pull Request Overview

This PR adds a --host flag to the Docker Model Runner install command to allow users to specify the host address for binding the container. The changes enable configuring the network binding while maintaining security defaults.

• Adds --host flag with default value "127.0.0.1" to install-runner command
• Updates container creation logic to use the configurable host parameter
• Adds comprehensive test coverage for the new flag functionality

Reviewed Changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

File	Description
cmd/cli/pkg/standalone/containers.go	Updates CreateControllerContainer function to accept host parameter and conditionally bind bridge gateway IP only for localhost
cmd/cli/commands/install-runner.go	Adds host flag to CLI command and passes it to container creation functions
cmd/cli/docs/reference/model_install-runner.md	Documents the new --host flag in CLI reference
cmd/cli/commands/install-runner_test.go	Adds comprehensive test coverage for the new host flag functionality

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[gemini-code-assist]

Summary of Changes

Hello @ericcurtin, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the install-runner command by introducing a --host flag, providing greater control over the network interface the Docker Model Runner binds to. It prioritizes security by defaulting to localhost for automatic installations while offering flexibility for users to specify alternative host addresses. The changes include updates to the command-line interface, core container creation logic, and comprehensive test coverage, along with updated documentation.

Highlights

• New Host Flag: Introduced a new --host flag to the install-runner command, allowing users to specify the host address for binding the Docker Model Runner.
• Security Default: The --host flag defaults to 127.0.0.1 (localhost) for auto-installation to enhance security, with an explicit comment clarifying this behavior.
• Container Binding Logic: Modified the container creation logic to use the specified host for port binding and conditionally add bridge gateway IP binding only when the host is 127.0.0.1.
• New Tests: Added a new test file (install-runner_test.go) to thoroughly validate the functionality of the --host flag, including its existence, default value, type, and value setting.
• Documentation Update: Updated the model_install-runner.md documentation to include the new --host flag, its type, default value, and description.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[sourcery-ai]

Hey there - I've reviewed your changes and they look great!

Prompt for AI Agents

Please address the comments from this code review:

## Individual Comments

### Comment 1
<location> `cmd/cli/commands/install-runner.go:165` </location>
<code_context>

 func newInstallRunner() *cobra.Command {
 	var port uint16
+	var host string
 	var gpuMode string
 	var doNotTrack bool
</code_context>

<issue_to_address>
**🚨 suggestion (security):** Defaulting the host flag to '127.0.0.1' is a good security measure, but users may not realize the implications.

Please update the CLI help text to clearly warn users about the security risks of binding to non-localhost addresses.

Suggested implementation:

```golang
	var host string

```

```golang
	c := &cobra.Command{

```

```golang
	// ... other flag definitions ...
	c.Flags().StringVar(
		&host,
		"host",
		"127.0.0.1",
		"Host address to bind the model runner. WARNING: Binding to non-localhost addresses (e.g., 0.0.0.0) may expose your model runner to the network and pose security risks. Use '127.0.0.1' to restrict access to localhost only.",
	)

```
</issue_to_address>

### Comment 2
<location> `cmd/cli/commands/install-runner.go:263` </location>
<code_context>
 	}
 	c.Flags().Uint16Var(&port, "port", 0,
 		"Docker container port for Docker Model Runner (default: 12434 for Docker CE, 12435 for Cloud mode)")
+	c.Flags().StringVar(&host, "host", "127.0.0.1", "Host address to bind Docker Model Runner")
 	c.Flags().StringVar(&gpuMode, "gpu", "auto", "Specify GPU support (none|auto|cuda)")
 	c.Flags().BoolVar(&doNotTrack, "do-not-track", false, "Do not track models usage in Docker Model Runner")
</code_context>

<issue_to_address>
**🚨 suggestion (security):** CLI flag description for 'host' could clarify security implications.

Consider updating the 'host' flag description to note that using '0.0.0.0' or a public IP will make the service accessible externally, which may pose a security risk.

```suggestion
	c.Flags().StringVar(&host, "host", "127.0.0.1", "Host address to bind Docker Model Runner (use '0.0.0.0' or a public IP to allow external access; this may pose a security risk)")
```
</issue_to_address>

### Comment 3
<location> `cmd/cli/commands/install-runner_test.go:88-89` </location>
<code_context>
+	}
+}
+
+func TestInstallRunnerValidArgsFunction(t *testing.T) {
+	cmd := newInstallRunner()
+
</code_context>

<issue_to_address>
**suggestion (testing):** Missing test for command argument rejection.

Please add a test that passes arguments to the command and confirms they are rejected as intended.

```suggestion
func TestInstallRunnerValidArgsFunction(t *testing.T) {
	cmd := newInstallRunner()
}

func TestInstallRunnerRejectsArguments(t *testing.T) {
	cmd := newInstallRunner()
	// Simulate passing an unexpected argument
	cmd.SetArgs([]string{"unexpected-arg"})
	err := cmd.Execute()
	if err == nil {
		t.Error("Expected error when passing arguments to install-runner, got nil")
	}
}
```
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[gemini-code-assist]

Code Review

This pull request introduces a --host flag to the install-runner command, allowing users to specify the host address for the Docker Model Runner. The changes are well-implemented, defaulting to 127.0.0.1 for security, especially during auto-installation. The implementation correctly propagates the new host parameter down to the container creation logic and includes appropriate updates to documentation and new unit tests. My feedback focuses on improving the robustness of the new tests for clearer failure reporting.

[doringeman]

LGTM FWIW